Ignore typing events where sender doesn't match origin (#1523)

* Ignore typing notifications where the sender doesn't match the origin

* Update sytest-whitelist

* Fix formatting directives

2 files changed, 10 insertions, 0 deletions

diff --git a/federationapi/routing/send.go b/federationapi/routing/send.go
index fa2a7bbb..611a90a7 100644
--- a/federationapi/routing/send.go
+++ b/federationapi/routing/send.go
@@ -289,6 +289,15 @@ func (t *txnReq) processEDUs(ctx context.Context) {
 				util.GetLogger(ctx).WithError(err).Error("Failed to unmarshal typing event")
 				continue
 			}
+			_, domain, err := gomatrixserverlib.SplitID('@', typingPayload.UserID)
+			if err != nil {
+				util.GetLogger(ctx).WithError(err).Error("Failed to split domain from typing event sender")
+				continue
+			}
+			if domain != t.Origin {
+				util.GetLogger(ctx).Warnf("Dropping typing event where sender domain (%q) doesn't match origin (%q)", domain, t.Origin)
+				continue
+			}
 			if err := eduserverAPI.SendTyping(ctx, t.eduAPI, typingPayload.UserID, typingPayload.RoomID, typingPayload.Typing, 30*1000); err != nil {
 				util.GetLogger(ctx).WithError(err).Error("Failed to send typing event to edu server")
 			}
diff --git a/sytest-whitelist b/sytest-whitelist
index f4fb993a..2ba0a88b 100644
--- a/sytest-whitelist
+++ b/sytest-whitelist
@@ -483,3 +483,4 @@ POST rejects invalid utf-8 in JSON
 Users cannot kick users who have already left a room
 A prev_batch token from incremental sync can be used in the v1 messages API
 Event with an invalid signature in the send_join response should not cause room join to fail
+Inbound federation rejects typing notifications from wrong remote